Packages changed: compat-usrmerge gcc glib2 krb5 libseccomp (2.5.1 -> 2.5.2) microos-tools (2.11 -> 2.12) open-iscsi openexr pipewire (0.3.34 -> 0.3.35) python-Jinja2 python38 (3.8.11 -> 3.8.12) python38-core (3.8.11 -> 3.8.12) qemu systemd === Details === ==== compat-usrmerge ==== - statically link xmv to avoid glibc 2.34 dependency (__libc_start_main@GLIBC_2.34) - turn on filetriggers in main package. Needed for single transaction upgrades (boo#1189788) ==== gcc ==== - Add libgccjit%{libgccjit_sover}-devel package ==== glib2 ==== Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - desktop-file-utils: add Pantheon desktop environment ==== krb5 ==== - Fix KDC null pointer dereference via a FAST inner body that lacks a server field; (CVE-2021-37750); (bsc#1189929); - Added patches: * 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch ==== libseccomp ==== Version update (2.5.1 -> 2.5.2) - Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. ==== microos-tools ==== Version update (2.11 -> 2.12) - Update to version 2.12 - Remove special MicroOS firstboot script - Remove locale-check, replaced by another aaa_base implementation ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Updated to latest upstream 2.1.5 as 2.1.5-suse, which contains these changes not already present: * Handle IPv6 interfaces correctly. (bsc#1187958) * Handle qedi correctly in NPAR mode (bsc#1187958) * Update iscsiadm man page (bsc#1187958) * Update iface.example for ipv6 * Change iscsi IP type from defines to enum. * Handle recv() returning 0 in iscsid_response() ==== openexr ==== Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30 - Add patch to fix OpenEXRCore.testHUF on armv7: * openexr-fix-armv7.patch * openexr-fix-armv7-2.patch ==== pipewire ==== Version update (0.3.34 -> 0.3.35) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-media-session pipewire-modules pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 0.3.35: * Highlights: - S/PDIF passthrough over optical or HDMI is now implemented. - Some critical fixes to MIDI, draining of streams and various modules. - skypeforlinux should work better now after adding it to the quirks database. - Bluetooth codecs are now in separate plugins to make it easier to ship them. * PipeWire: - Drain was fixed in pw-stream. In some cases it would not clear the drain state correctly. Fixes the issue where speaker-test would only play one channel. - Loopback connections to a driver will now activate the driver. This fixes an issue where MIDI connections between devices or some applications (puredata) would not get any MIDI messages. (#1559)x. - The audiomixer can now mix more formats. Together with the passthrough improvements this can be used to avoid conversions to/from the DSP format in some cases. - Make sure we idle drivers when removing a node from it in all cases. JACK clients could keep a driver node busy. - Add new methods to accumulate object info. The old one was difficult to use when applications need to accumulate multiple changes. - A new interface to load modules has been added. Plugins can use this to ask the host (PipeWire) to load spa plugins. - Increase param buffer size to handle larger params. Nodes with a large number of channels would sometimes not have properties. (#1574) - Concurrent link negotiation that caused some links to not work, is now avoided. This fixes monitor ports in Ardour6. - Small tweaks to how the quantum and rate are handled when nodes move between drivers. Make node.lock-quantum work with node.latency * PipeWire modules: - The convolver plugin in filter-chain has been optimized some more. - The echo-cancel stream properties were improved so that it actually can remember the streams it links to. (#1557) - module-pulse-tunnel had the buffer attributes wrong and would cause high latency with older pulseaudio servers. (#1434) - module-roc had the properties configured wrongly, which would cause it to not work at all in most cases. (#1538) - There is now an example of a 7.1 virtual surround sink using the hesuvi impulse responses. - The convolver now supports dirac pulses as the IR. * ALSA: - UCM config is now cached per device, using up less memory. It also temporarily works around a problem in alsa-lib that is now being patched and rolled out. Should stop devices from disappearing when logging out and back in. (#1553) - Fix the MIDI clock rate matching. It was too sensitive to small changes and would spiral out of control and break MIDI rather quickly. * pipewire-media-session: - The media session can now save and restore IEC958 (S/PDIF) codecs for the sinks. - Passthrough of IEC958 (S/PDIF) content is now possible. If the client and the sink contain a compatible set of codecs, an exclusive connection can be made between client and sink to pass the encoded S/PDIF content directly to the device. - Use new introspection info update methods to suspend nodes in all cases. Sometimes, nodes would fail to suspend because the state info was not evaluated. - The media session can now work in non-DSP mode, which will try to avoid any audio conversions between client and device when possible. But, this will also disable compatibility with JACK applications. * Bluetooth - Bluetooth codecs are now compiled into separate plugins which are dynamically loaded. This makes it possible to change the plugin implementation or ship plugins separately without having to recompile the bluetooth module. * PulseAudio server - Delay stream create reply until the stream is linked to a sink/source. - The device-restore extension is now implemented. This makes it possible to configure the IEC958 (S/PDIF) codecs supported by the sink with pavucontrol. - skypeforlinux now uses the same quirks as teams to make the sinks show up in all cases. This fixes the issue of not being able to hear the remote end in skypeforlinux. * JACK - Improve catia and carla compatibility by caching objects a little longer after being removed. (#1531) - JACK ports now notify the negotiated format correctly. - A potential deadlock was fixed when multiple threads would perform a call that would require a roundtrip. - Improve bufsize callback, it should not be called right after doing activate() but only when the buffersize changes later. - Add tweak to disable the process lock. Some older apps might not expect it. (#1576) * Docs - man pages are now generated with rst2man. - DMA-BUF docs were updated. - Documentation updates. - Replace BuildRequires xmltoman with docutils (rst2man) - Update libcamera Buildrequires. ==== python-Jinja2 ==== - Add no-warnings-as-errors.patch: * Do not treat warnings as errors until upstream fix using async loops. ==== python38 ==== Version update (3.8.11 -> 3.8.12) - Update to 3.8.12 * Complete list of changes is available at https://docs.python.org/release/3.8.12/whatsnew/changelog.html * Security - bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion Laughs? vulnerability. This copy is most used on Windows and macOS. - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros. - Refreshed patch: * decimal-3.8.patch - Add decimal-3.8.patch to add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling ==== python38-core ==== Version update (3.8.11 -> 3.8.12) Subpackages: libpython3_8-1_0 python38-base - Update to 3.8.12 * Complete list of changes is available at https://docs.python.org/release/3.8.12/whatsnew/changelog.html * Security - bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion Laughs? vulnerability. This copy is most used on Windows and macOS. - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros. - Refreshed patch: * decimal-3.8.patch - Add decimal-3.8.patch to add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling ==== qemu ==== - Fix qemu build on ARMv7 (bsc#1190211) * Patches added: tcg-arm-Fix-tcg_out_vec_op-function-sign.patch - Update supported file for ARM machines. - Keep qemu-img without backing format still deprecated (bsc#1190135) * Patches added: Revert-qemu-img-Improve-error-for-rebase.patch Revert-qemu-img-Require-F-with-b-backing.patch - Update the support files to reflect the deprecation. - Update build dependencies versions: libgcrypt >= 1.8.0, gnutls >= 3.5.18, glib >= 2.56, libssh >= 0.8.7 - Fix hardcoded binfmt handler doesn't play well with containers (bsc#1186256) * Patches added: qemu-binfmt-conf.sh-allow-overriding-SUS.patch ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Don't reexecute user manager instances on package update yet This can't be done until users have their user instance updated to the new version that supports reexecuting with SIGRTMIN+25 because this signal terminates the user managers for the previous versions. - Import commit ec72db9ee0f8ce061f83624d7148ff38a5993b11 3b1aa2f79f manager: reexecute on SIGRTMIN+25, user instances only fd46c81922 test: make sure to include all haveged unit files - systemd.spec: reexec user manager instances on package updates - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480) - Drop dependency on m4 (replaced by Jinja2)